LinuxSecurity.com
Mandriva: 2014:049: subversion
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:049
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in subversion:
 
 The get_resource function in repos.c in the mod_dav_svn module
 in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when
 SVNListParentPath is enabled, allows remote attackers to cause a
 denial of service (crash) via vectors related to the server root
 and request methods other than GET, as demonstrated by the svn ls
 http://svn.example.com command (CVE-2014-0032).
 
 This advisory provides the latest version of subversion (1.7.16)
 which is not vulnerable to this issue.
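
 The two conditions stated above (an affected version, and SVNListParentPath
 enabled) can be checked together. The following is an added example, not part
 of the Mandriva advisory or of Subversion; the function names and the sample
 configuration are constructed for illustration, and the version check assumes
 an upstream version string, so a vendor package with a backported fix would
 need the vendor's own release data instead.

```python
import re
# Affected per the advisory: "before 1.7.15" and "1.8.x before 1.8.6".
FIXED_17, FIXED_18 = (1, 7, 15), (1, 8, 6)
LOC_OPEN = re.compile(r'<Location(?:Match)?\s+"?([^">\s]+)"?\s*>', re.I)
LOC_CLOSE = re.compile(r'</Location(?:Match)?\s*>', re.I)
DIRECTIVE = re.compile(r'SVNListParentPath\s+(on|off)\b', re.I)

def version_affected(version):
    """True if an upstream Subversion version is in the affected range."""
    m = re.match(r'\s*(\d+)\.(\d+)\.(\d+)', version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(p) for p in m.groups())
    return v < FIXED_18 if v[:2] == (1, 8) else v < FIXED_17

def list_parent_path_locations(conf_text):
    """<Location> paths whose block leaves SVNListParentPath set to on."""
    enabled, current, state = [], None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith('#'):          # Apache comments are whole lines
            continue
        opened = LOC_OPEN.match(line)
        if opened:
            current, state = opened.group(1), False
        elif LOC_CLOSE.match(line):
            if current is not None and state:
                enabled.append(current)
            current = None
        elif current is not None and DIRECTIVE.match(line):
            state = DIRECTIVE.match(line).group(1).lower() == 'on'  # last wins
    return enabled

def exposed_locations(version, conf_text):
    """Locations meeting both advisory conditions (empty list if none)."""
    return list_parent_path_locations(conf_text) if version_affected(version) else []

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
<Location /svn>
  SVNParentPath /srv/svn
  SVNListParentPath on
</Location>
<Location /private>
  # SVNListParentPath on
  SVNListParentPath off
</Location>
"""
print(exposed_locations("1.7.14", SAMPLE_CONF))
```

 An empty result for the installed version means the advisory's conditions
 are not both met in the configuration text that was scanned.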
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 